|
195001
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-23958
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195002
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffect…
|
NVD-CWE-noinfo
|
CVE-2021-23957
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195003
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2021-23956
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195004
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
|
The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2021-23955
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195005
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability …
|
CWE-843
Type Confusion
|
CVE-2021-23954
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195006
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects …
|
NVD-CWE-noinfo
|
CVE-2021-23953
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195007
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
|
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be u…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2021-23976
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195008
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct…
|
CWE-862
Missing Authorization
|
CVE-2021-23975
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195009
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
|
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
|
NVD-CWE-noinfo
|
CVE-2021-23974
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195010
|
6.5 |
MEDIUM
Network
|
mozilla
debian
|
firefox
firefox_esr
thunderbird
debian_linux
|
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerab…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-23973
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
